Skip to main content
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
Showing results for 
Search instead for 
Did you mean: 
Contributor II
Contributor II

Advanced Security Rule For Streams and Private Apps


We have a requirement to have a security model where consumers are granted access to a core stream (i.e., Stream ABC) by applying for group membership (i.e., QLIKSENSE_ABC_CONSUMER). The users would have access to all the apps  in the stream if they have membership to the corresponding consumer group.


However, we have a requirement to have certain apps within a stream be private. We would like the user to be required to be in the stream group as well as a private group to see these private apps (i.e., QLIKSENSE_ABC_PRIVATE_CONSUMER). We tried to write the following security rule, but it seems to not be working:



(user.environment.roles=resource.@Consumer and resource.@Hidden!="true")


(user.environment.roles=resource.@Consumer and resource.@Hidden="true" and user.environment.roles=resource.@Exception)



We are using SAML, so we pass through users' group memberships through an attribute called roles. We have a custom property called @Consumer which we apply to Streams and grant access if the @Consumer custom property matches one of the users' groups in the role attribute. In addition, we have a custom property on apps called @Hidden which we set to true if the app needs to be private and a custom property called @Exception to grant access to the private apps. 


If there is a better way of accomplishing our requirements, please suggest as we really would like to get something working... 

0 Replies